. https://www.tracesecurity.com/blog/daily-breach-1/emerson-hospital-reports-third-party-vendor-breach-from-may-2018
blog article
Concord, Massachusetts-based Emerson Hospital is notifying 6,300 patients that their data was potentially breached nearly one year ago, due to insider wrongdoing at one of its vendors. According to a statement released on March 8, the data breach occurred during a weeklong period from May 9 to May 17, 2018. A former employee of Emerson’s claims processing vendor, Miramed Revenue Group, sent a file containing patient health data to an unauthorized individual. An investigation into the incident determined the file included data from about 6,300 patients, which included patient names, Social Security numbers, addresses, and insurance policy details. This type of data is commonly used for identity theft. Officials stressed the file did not contain any medical treatment or conditions, nor any financial data like credit card details. The hospital spokesperson added: “A detailed forensic investigation showed that the files were of such poor quality that a third-party did not find the data useful.” The security incident was reported to law enforcement, and the employee who improperly disclosed the information is no longer with the vendor. As a precaution, all impacted patients have been offered two years of identity theft protection services. READ MORE